科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>encryption - How to Reverse Engineer DataZipCompression.LoadString Algorithm from a .NET DLL Using dnSpy? - Stack Overflow

    encryption - How to Reverse Engineer DataZipCompression.LoadString Algorithm from a .NET DLL Using dnSpy? - Stack Overflow

    programmeradmin1浏览0评论

    I'm trying to reverse engineer a .NET DLL file using dnSpy, and I've encountered a method that decompresses and decrypts a file into an XML string. The relevant code snippet is:

    <Module>.DataZipCompression.LoadString(
    <Module>.?A0xdbfabc02.g_pDataZipCompression, 
    ref basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t>>, 
    ref basic_string<char, std::char_traits<char>, std::allocator<char>>, 
    true
);

    Full fragment:

    basic_string<char,std::char_traits<char>,std::allocator<char>\u0020> basic_string<char,std::char_traits<char>,std::allocator<char>_u0020>;
                        <Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{ctor}(ref basic_string<char,std::char_traits<char>,std::allocator<char>_u0020>);
                        try
                        {
                            <Module>.DataZipCompression.LoadString(<Module>.?A0xdbfabc02.g_pDataZipCompression, ref basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t>_u0020>4, ref basic_string<char,std::char_traits<char>,std::allocator<char>_u0020>, true);
                            byte[] array3 = new byte[<Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.length(ref basic_string<char,std::char_traits<char>,std::allocator<char>_u0020>)];
                            for (int i = 0; i < array3.Length; i++)
                            {
                                sbyte* ptr3 = <Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.[](ref basic_string<char,std::char_traits<char>,std::allocator<char>_u0020>, (uint)i);
                                array3[i] = (byte)(*ptr3);
                            }
                            UTF8Encoding utf8Encoding = new UTF8Encoding();
                            string @string = utf8Encoding.GetString(array3);
                            XmlDocument xmlDocument = new XmlDocument();
                            xmlDocument.LoadXml(@string);
                            dataContainerProperties = genericSerializer.FromXmlStringIgnoreParentName(xmlDocument.OuterXml);
                        }
                        catch
                        {
                            <Module>.___CxxCallUnwindDtor(ldftn(std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{dtor}), (void*)(&basic_string<char,std::char_traits<char>,std::allocator<char>_u0020>));
                            throw;
                        }
                        <Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{dtor}(ref basic_string<char,std::char_traits<char>,std::allocator<char>_u0020>);

    After this line executes, a decompressed and decrypted XML string appears in memory. My goal is to understand the algorithm used in DataZipCompression.LoadString so I can replicate the decryption and decompression process outside of the DLL.

    What I've Tried:

    • Decompiled the DLL using dnSpy to locate the DataZipCompression class and LoadString method.
    • Analyzed the method's parameters and return values.
    • Attempted to trace the flow of data through the method.
    继续浏览有关 的文章

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论